<form>
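<!-- Base search for the three single-value tiles. Fixed inline window of 48h with 1d buckets,
     independent of the time picker.
     Event codes: 528/540 (legacy successful logon, pre-2008) and 4624 (successful logon).
     552/4648 (logon with explicit credentials) and 4774 (account mapped for logon) are also
     listed, but those events carry no Logon Type field, so the Logon_Type=* filter drops them;
     confirm against your data before relying on them being counted.
     Account_Name on 4624 is multivalued (Subject section first, New Logon section second);
     the last value is the account that actually logged on. mvindex(...,-1) returns that value
     and also keeps single-valued names supplied by the User fallback, which mvindex(...,1)
     turned into null (the event was then counted in logon_count but invisible to user_count
     and to the machine/service-account filter).
     The NOT filter hides machine accounts (trailing $) and well-known service identities.
     ANONYMOUS LOGON is hidden too: it is normal noise on file servers, but it is also what
     null-session and NTLM-relay style activity can look like, so track it in a separate search. -->
<search id="my_search1">
<query>index="$idx$" sourcetype="$st$" (EventCode=528 OR EventCode=540 OR EventCode=552 OR EventCode=4648 OR EventCode=4624 OR EventCode=4774) Logon_Type=* earliest=-48h|eval Account_Name=if(isnull(Account_Name),User,Account_Name)|eval Account_Name=mvindex(Account_Name,-1)|search NOT (Account_Name="*$" OR Account_Name="ANONYMOUS LOGON" OR Account_Name="SYSTEM" OR Account_Name="LOCAL SERVICE" OR Account_Name="NETWORK SERVICE" OR Account_Name="-")|timechart span=1d dc(ComputerName) AS server_count,dc(Account_Name) AS user_count,count AS logon_count</query>
</search>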
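<!-- Base search for the logon-type trend charts; follows the time picker ($field1$).
     Same event-code list and account filter as the other base searches. Note that
     552/4648/4774 carry no Logon Type field and are therefore dropped by Logon_Type=*
     (confirm against your data).
     mvindex(...,-1) takes the last Account_Name value (the New Logon account on 4624) and,
     unlike mvindex(...,1), keeps single-valued names supplied by the User fallback instead of
     nulling them, so the account filter below actually applies to those events.
     The numeric Logon_Type is relabelled into login_method; timechart then yields one column
     per label and addtotals appends the Total column read by the Overall Trend chart. -->
<search id="my_search2">
<query>index="$idx$" sourcetype="$st$" (EventCode=528 OR EventCode=540 OR EventCode=552 OR EventCode=4648 OR EventCode=4624 OR EventCode=4774) Logon_Type=*|eval Account_Name=if(isnull(Account_Name),User,Account_Name)|eval Account_Name=mvindex(Account_Name,-1)|search NOT (Account_Name="*$" OR Account_Name="ANONYMOUS LOGON" OR Account_Name="SYSTEM" OR Account_Name="LOCAL SERVICE" OR Account_Name="NETWORK SERVICE" OR Account_Name="-")|eval login_method=Logon_Type|replace 0 with "System Only",2 with "Interactive Logon",3 with "Network",4 with "Batch",5 with "Service",6 with "Proxy logon",7 with "Unlock",8 with "Network Clear Text",9 with "New Credentials",10 with "Remote Interactive",11 with "Cached Interactive",12 with "CachedRemoteInteractive",13 with "CachedUnlock" in login_method|timechart span=1d count by login_method|addtotals</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>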
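<!-- Base search for the Top-5 panels; follows the time picker ($field1$).
     Same event-code list and account filter as the other base searches (552/4648/4774 carry
     no Logon Type field, so Logon_Type=* drops them; confirm against your data).
     mvindex(...,-1) takes the last Account_Name value (the New Logon account on 4624) and
     keeps single-valued names from the User fallback instead of nulling them.
     The Source_Network_Address!="-" filter now runs before stats instead of after it: it
     removes the "-" placeholder and null values from the same events, but avoids aggregating
     rows only to discard them. Results are identical because stats already drops events whose
     group-by field is null. -->
<search id="my_search3">
<query>index="$idx$" sourcetype="$st$" (EventCode=528 OR EventCode=540 OR EventCode=552 OR EventCode=4648 OR EventCode=4624 OR EventCode=4774) Logon_Type=*|eval Account_Name=if(isnull(Account_Name),User,Account_Name)|eval Account_Name=mvindex(Account_Name,-1)|search NOT (Account_Name="*$" OR Account_Name="ANONYMOUS LOGON" OR Account_Name="SYSTEM" OR Account_Name="LOCAL SERVICE" OR Account_Name="NETWORK SERVICE" OR Account_Name="-")|search Source_Network_Address!="-"|stats count by Account_Name,ComputerName,Source_Network_Address</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>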
<label>User Logon Metrics / Trends</label>
<!-- Inputs. No submit button, so a change to any input re-runs the searches that use its token.
     The index default "*" fans every base search out across all indexes (cost scales with
     total volume); pin it to the index that actually holds Windows Security events once known.
     The index list is built from eventcount over index=*. The sourcetype list is built from
     "| metadata type=sourcetypes" with no index= restriction, which presumably covers only the
     default search indexes; confirm if an expected sourcetype is missing from the dropdown.
     Time picker default: last 30 days snapped to midnight, through now. It drives my_search2
     and my_search3 only; my_search1 has its own inline 48h window. -->
<fieldset submitButton="false">
<input type="dropdown" token="idx">
<label>Select The Index</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>index</fieldForLabel>
<fieldForValue>index</fieldForValue>
<search>
<query>| eventcount summarize=false index=* | dedup index | fields index</query>
</search>
</input>
<input type="dropdown" token="st">
<label>Select Sourcetype</label>
<!-- WinEventLog:Security is a static choice, so the populating search lists everything else. -->
<choice value="WinEventLog:Security">WinEventLog:Security</choice>
<default>WinEventLog:Security</default>
<fieldForLabel>sourcetype</fieldForLabel>
<fieldForValue>sourcetype</fieldForValue>
<search>
<query>|metadata type=sourcetypes|table sourcetype|search NOT sourcetype="WinEventLog:Security"</query>
</search>
</input>
<input type="time" token="field1" searchWhenChanged="true">
<label>Date</label>
<default>
<earliest>-30d@d</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<!-- Day-over-day tiles fed by my_search1 (last 48h, 1d buckets). Each post-process re-runs
     timechart over an already daily series, so it only reshapes one column into "count".
     The sparkline and trend indicator compare the newest bucket with the one before it; the
     newest bucket is the partial current day, so a downward trend early in the day is expected.
     All three tiles share the same 15000 colour threshold (rangeValues), which is probably only
     meaningful for LOGON COUNT; tune it per tile. -->
<row>
<panel>
<single>
<title>SERVER COUNT</title>
<search base="my_search1">
<query>|table _time server_count |timechart span=1d sum(server_count) AS count</query>
</search>
<option name="drilldown">none</option>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="numberPrecision">0</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<option name="rangeColors">["0x6db7c6","0xf7bc38"]</option>
<option name="rangeValues">[15000]</option>
<option name="underLabel">Day-Day Trend</option>
</single>
</panel>
<panel>
<single>
<title>USER COUNT</title>
<search base="my_search1">
<query>|table _time user_count |timechart span=1d sum(user_count) AS count</query>
</search>
<option name="drilldown">none</option>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="numberPrecision">0</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<option name="rangeColors">["0x6db7c6","0xf7bc38"]</option>
<option name="rangeValues">[15000]</option>
<option name="underLabel">Day-Day Trend</option>
</single>
</panel>
<panel>
<single>
<title>LOGON COUNT</title>
<search base="my_search1">
<query>|table _time logon_count |timechart span=1d sum(logon_count) AS count</query>
</search>
<option name="drilldown">none</option>
<option name="colorBy">value</option>
<option name="colorMode">block</option>
<option name="numberPrecision">0</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<!-- "before" here vs "after" on the other two tiles; harmless because no unit is configured. -->
<option name="unitPosition">before</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
<option name="rangeColors">["0x6db7c6","0xf7bc38"]</option>
<option name="rangeValues">[15000]</option>
<option name="underLabel">Day-Day Trend</option>
</single>
</panel>
</row>
<!-- Overall daily logon volume: the Total column that addtotals appended in my_search2,
     plotted as a stacked column chart over the time picker range. -->
<row>
<panel>
<title>Logon Trend</title>
<chart>
<title>Overall Trend</title>
<search base="my_search2">
<query>|fields _time Total</query>
</search>
<option name="charting.chart">column</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
</row>
<!-- Interactive vs. non-interactive split of the my_search2 columns, keyed on the login_method
     labels. The left chart selects the labels for types 0, 2, 7, 10, 11, 12, 13 (type 0 "System
     Only" is grouped with interactive here). The right chart uses "fields -" to take the
     remainder: Network, Batch, Service, Proxy logon, Network Clear Text and New Credentials.
     Of those, "Network Clear Text" (type 8) commonly means the password was available in
     cleartext to the logon process, and "New Credentials" (type 9) is the runas /netonly style;
     both are worth alerting on separately rather than only trending here. -->
<row>
<panel>
<chart>
<title>Interactive Logons</title>
<search base="my_search2">
<query>|fields _time "System Only","Interactive Logon",Unlock,"Remote Interactive","Cached Interactive","CachedRemoteInteractive"</query>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
<panel>
<chart>
<title>Non-Interactive Logon</title>
<search base="my_search2">
<!-- Drops Total too, so the chart is not dominated by the overall sum. -->
<query>|fields - Total "System Only","Interactive Logon",Unlock,"Remote Interactive","Cached Interactive","CachedRemoteInteractive"</query>
</search>
<option name="charting.chart">column</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
</row>
<!-- Top-5 panels over my_search3 (account / ComputerName / Source_Network_Address triples).
     Each post-process re-sums the per-triple counts by one key and keeps the five largest.
     Source_Network_Address is taken from the event as logged, so loopback and link-local
     values (e.g. ::1, 127.0.0.1) may rank among the top sources; exclude them in my_search3
     if they drown out real remote sources. Hosts are drawn as a pie, the other two as bars. -->
<row>
<panel>
<chart>
<title>Top 5 - Active Accounts</title>
<search base="my_search3">
<query>|stats sum(count) AS count by Account_Name|sort - count |head 5</query>
</search>
<option name="charting.chart">bar</option>
</chart>
</panel>
<panel>
<chart>
<title>Top 5 - Active Hosts</title>
<search base="my_search3">
<query>|stats sum(count) AS count by ComputerName|sort - count |head 5</query>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
<panel>
<chart>
<title>Top 5 - Active Network Sources</title>
<search base="my_search3">
<query>|stats sum(count) AS count by Source_Network_Address|sort - count |head 5</query>
</search>
<option name="charting.chart">bar</option>
</chart>
</panel>
</row>
</form>